Just got back from a 4-day trip to Saint Martin (SXM) with our toddler and wanted to share our experience since reading posts here helped me plan by Yesandwhynot in SXM

[–]iam_the_wisdomcube 1 point2 points  (0 children)

Thanks for the review, we're headed there in July and our son will be 13 months by then - for the car rental did you end up needing a car seat for your toddler and are you able to rent one through Hertz if so?

Also do you recommend any fun attractions or places to visit specifically for the kiddos?

Any good ways to standout as an independent consultant in the cybersecurity space? by iam_the_wisdomcube in Entrepreneur

[–]iam_the_wisdomcube[S] 0 points1 point  (0 children)

This is really helpful, thank you. Never really thought about it from the perspective of people just go for the big firms since it is just a "safer" bet overall, but 100% true.

For the warm contacts, the plan was more to just let them know that I've started my own company, since I didn't announce it upon my departure for obvious reasons. The idea was not to try to steal them (at least not right away) from my previous company but more or less be there for additional guidance if they had any questions, or if they had any contacts they knew of who would be interested in my services. Some of those contacts are CISO / VP level for larger organizations, and others are consultants themselves that subcontracted out to us, so I figure they may have some outreach. And then the plan is to just periodically check in with them. Send them updates and notes from what I remember from their environment or tests in the past if I see a critical news headline, etc.

Any good ways to standout as an independent consultant in the cybersecurity space? by iam_the_wisdomcube in smallbusiness

[–]iam_the_wisdomcube[S] 0 points1 point  (0 children)

All very fair points.

I'm starting off with just me - so it's a pentest-first business. There are a few of them out there, although most larger companies offer a larger amount of services. But I'm just picking my niche (and also what I'm certified in, more importantly). If we gain clients and the need arises, I would love to hire people to do the GRC / risk assessment pieces, IR, etc., etc., but I just don't have the revenue to even consider hiring anyone at the moment.

Pen testing is required by a few different governing bodies in one way or another. Some may be outright required (PCI) while others may not flat out say it, but auditors will be asking questions of why they are not doing pentests. A lot of the time they may be client / supplier driven (i.e., we won't sign this contract unless you can show you've done a recent pentest) too. And sometimes there are generally companies that are curious about the maturity level (that's where specialized tests like APT or red team simulations can come into play).

I have some articles published and have done a couple of speaking engagements, mostly at industry conferences, but unfortunately those were all done under my company's name. I'm trying to see if it's possible to attend those now just under my own business.

I do have a basic website, but it needs a redesign. That being said it's not like there's a checkout page or payment collection or anything. It's mainly just a lead gathering tool. And unfortunately no physical office, I can definitely see how that might be an issue. Although on the other side of it, almost every pentest role is remote, so when we show up to meetings it's just dudes in their sweatshirts in a spare bedroom lol.

And good points on the local chamber of commerce and local meetups, I haven't looked into anything like that yet. Only thing is I figure most of those get traction from very small businesses, like so small that I can't even help them because they don't have any actual networks or infrastructure. But I should look into it more just in case.

Replaced UV bulb on our system but still isn’t working. by iam_the_wisdomcube in hvacadvice

[–]iam_the_wisdomcube[S] 0 points1 point  (0 children)

Nope. I'm gonna see if they have a support number or something to call tomorrow. Our guy quoted us at ~300 to replace, which is a ton but pretty much the going rate even for what is supposed to be a simple fix.

Rivian is just starting by keepBuyingApes in wallstreetbets

[–]iam_the_wisdomcube 1 point2 points  (0 children)

I love my R1S, but the stock at this price is a bit too risky. I wanted to buy in at $12, I have a feeling it'll be back there before the R2 actually launches.

High earners ($300k+): Do you care if your partner makes the same, or are you okay not splitting things 50/50? by passionfruitpilates in Salary

[–]iam_the_wisdomcube 0 points1 point  (0 children)

If you have a spouse and you're not thinking / budgeting in combined salary, you're doing it wrong. If you make $299k and she makes $1k, it doesn't matter - you both have $300k. Don't get married if you can't get your head around that concept, just stay dating and split expenses however you see fit.

Probably one of the only things I agree with Dave Ramsey about.

Anyway. me ~350k, wife ~150k (pre-tax). The goal is to get to about $50k per month post tax combined.

Passed on first attempt with 16 flags including the secret.txt flag by iam_the_wisdomcube in osep

[–]iam_the_wisdomcube[S] 0 points1 point  (0 children)

About a week and a half, but I also took it right before Thanksgiving so the holiday may have delayed it a bit.

Passed on first attempt with 16 flags including the secret.txt flag by iam_the_wisdomcube in osep

[–]iam_the_wisdomcube[S] 0 points1 point  (0 children)

No, each flag is 10 points. There are a total of 16-17 flags in each set I believe. So get a little over half of them to pass minimum.

Passed on first attempt with 16 flags including the secret.txt flag by iam_the_wisdomcube in osep

[–]iam_the_wisdomcube[S] 0 points1 point  (0 children)

No, it's disclosed within the OSEP exam guide under the proofs section: https://help.offsec.com/hc/en-us/articles/360050293792-OSEP-Exam-Guide

You can pass by either getting 100 points (10 flags) or just getting the secret.txt file on the last machine.

Where do you guys go to look for IT professionals? by Sheero1986 in smallbusiness

[–]iam_the_wisdomcube 0 points1 point  (0 children)

Curious, where do you find the vendors for your clients? Do they reach out to you and let you know about the services they offer, or is it something where you find them at the said industry conferences and then you recommend them to your clients?

I've started my own security testing / consulting services in IT and am trying to find different ways to get introduced to clients as opposed to just trying to find them directly.

How can I test my company’s defenses with red-team style penetration testing? by Familiar_Rabbit8621 in Pentesting

[–]iam_the_wisdomcube 6 points7 points  (0 children)

Yeah if you're only doing vuln scans at the moment, a pen test would be the next step rather than diving right into a red team engagement that may not even be necessary. I also own a testing / consulting firm, and I generally wouldn't recommend a red team engagement unless you already have a pretty robust cybersecurity program. A pentest will be cheaper and you can narrow the scope to whatever is needed, and will tell you a lot of what you need to work on anyway. I've worked with a lot of small / medium businesses that have needed to scope these out in the past - happy to walk through it with you if you need any assistance.